X-Git-Url: https://git.saurik.com/apple/securityd.git/blobdiff_plain/569135f537d6bd5118fa29c2fb4b6d4d436e066e..4cd1cad0dea00daa03e1b54fdf2797a02373ad5b:/src/clientid.cpp?ds=inline
diff --git a/src/clientid.cpp b/src/clientid.cpp
index 7dc6907..24cfe98 100644
--- a/src/clientid.cpp
+++ b/src/clientid.cpp
@@ -155,6 +155,30 @@ const CssmData ClientIdentification::getHash() const
 return CssmData();
 }
+const bool ClientIdentification::checkAppleSigned() const
+{
+ if (GuestState *guest = current()) {
+ if (!guest->checkedSignature) {
+ // This is the clownfish supported way to check for a Mac App Store or B&I signed build
+ CFStringRef requirementString = CFSTR("(anchor apple) or (anchor apple generic and certificate leaf[field.1.2.840.113635.100.6.1.9])");
+ SecRequirementRef secRequirementRef = NULL;
+ OSStatus status = SecRequirementCreateWithString(requirementString, kSecCSDefaultFlags, &secRequirementRef);
+ if (status == errSecSuccess) {
+ OSStatus status = SecCodeCheckValidity(guest->code, kSecCSDefaultFlags, secRequirementRef);
+ if (status != errSecSuccess) {
+ secdebug("SecurityAgentXPCQuery", "code requirement check failed (%d)", (int32_t)status);
+ } else {
+ guest->appleSigned = true;
+ }
+ guest->checkedSignature = true;
+ }
+ CFRelease(secRequirementRef);
+ }
+ return guest->appleSigned;
+ } else
+ return false;
+}
+
 //
 // Bonus function: get the path out of a SecCodeRef
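Review bot: `CFRelease(secRequirementRef)` in checkAppleSigned() runs even when `SecRequirementCreateWithString` fails, and on that path the reference is still NULL; CFRelease does not accept NULL, so a failure to build the requirement would crash the daemon instead of returning false. Guard the release, `if (secRequirementRef) CFRelease(secRequirementRef);`, or move it inside the `status == errSecSuccess` branch. The inner `OSStatus status` shadows the outer one, so renaming it (for example `validity`) would make the logged value unambiguous. The verdict is cached in `guest->appleSigned` once `checkedSignature` is set, so a comment such as `// result is cached for the lifetime of this GuestState; later calls do not re-validate the code` would record that trust decision; where those two fields are initialised or reset is not visible in this hunk.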